Overview
Guidelines for protecting organizational information assets
Policy Content
Version 1 • Effective Jan 15, 2026
INFORMATION SECURITY POLICY 1. PURPOSE This policy establishes the information security requirements for all employees, contractors, and third parties accessing organizational information systems. 2. SCOPE This policy applies to all employees, contractors, and authorized users of the organization's information systems. 3. PRINCIPLES - Confidentiality: Protect sensitive information from unauthorized access - Integrity: Ensure information remains accurate and unaltered - Availability: Maintain systems and data in a state of readiness for use 4. PASSWORD REQUIREMENTS - Minimum 12 characters - Must contain uppercase, lowercase, numbers, and special characters - Must be changed every 90 days - No password reuse within 12 previous passwords 5. DATA CLASSIFICATION Level 1 (Public): Non-sensitive information Level 2 (Internal): Internal use only Level 3 (Confidential): Restricted access Level 4 (Secret): Highest protection required 6. INCIDENT REPORTING Security incidents must be reported within 24 hours to the Security Operations Center. 7. COMPLIANCE Non-compliance with this policy may result in disciplinary action up to and including termination. Effective Date: January 15, 2026 Version: 1.0
Related Controls
Compliance controls addressed by this policy
User Access Control
aligned
Password Management
aligned
Data Encryption
aligned
Incident Response
aligned
Acknowledgement Status
Acknowledgement Rate94%
Acknowledged
230
Pending
15
Required By
Feb 15, 2026
Created
Jan 15, 2026
Actions
Recent Acknowledgements
Alice Smith
alice.smith@acme.com
Jan 16, 2026
Bob Johnson
bob.johnson@acme.com
Jan 16, 2026
Carol White
carol.white@acme.com
Jan 17, 2026
David Brown
david.brown@acme.com
Pending
Emma Davis
emma.davis@acme.com
Pending